Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs
Service pack bricks machines by blocking boots, banning launch of virtually every Windows executable
By Gregg Keizer | Computerworld US | Published: 13:07, 16 May 2012
Avira has issued a service pack for its antivirus software that crippled an unknown number of Windows machines, with one customer calling the gaffe "catastrophic" to his company.
The German security firm has now updated the software to sidestep the problem.
"Following the release of Service Pack 0 (SP0) for Avira Version 2012, the ProActiv feature blocked legitimate Windows applications on customers' PCs," Avira acknowledged. "We deeply regret any difficulties this has caused you."
Related Articles on Techworld
Avira is the world's second-biggest antivirus maker, according to usage statistics.
The service pack included an update to ProActiv, a behavioural-based monitoring system that watches for suspicious events that may hint at a malware attack or point to an infection.
Users quickly reported that the updated ProActiv was blocking almost every legitimate Windows executable file - those with the ".exe" extension - meaning that most applications refused to launch. Even worse, ProActiv prevented critical Windows files from running, which in many cases "bricked" PCs, or kept them from even properly booting.
The inadvertent blocking impacted Avira Professional Security, Avira Internet Security 2012 and Avira Antivirus Premium 2012, paid products priced £16.99. Avira's free antivirus software, which has limited functionality - and does not include ProActiv - was not affected.
Customers were understandably irate.
"This update has been pretty catastrophic. The whole company ground to a standstill," reported someone identified as "AaronH" in a message on Avira's support site. "I've been a big proponent of Avira within our company, but I think that may change when it comes time to renew our licence in a few months."
According to the same support discussion thread, Avira's fix simply disabled ProActiv. The company will reportedly investigate to uncover the root cause of the massive blocking before re-enabling the feature.
Avira isn't the first antivirus vendor to cripple or damage Windows systems with a flawed update.
Last September, Microsoft's Security Essentials and Forefront - its consumer-grade and enterprise-grade antivirus software, respectively - issued a faulty malware signature update that deleted Google's Chrome browser from thousands of PCs.
Before that, all three of the world's largest antivirus companies - Symantec, McAfee and Trend Micro - had shipped defective definitions. In some cases, those mistakes have wreaked as much or more havoc as the Avira blunder.
In April 2010, for example, an update from McAfee paralysed an unknown number of corporate PCs when it quarantined a crucial Windows XP system file.
According to security vendor Opswat, which reports on usage share every quarter, Avira products accounted for 11.6% of all operating copies of antivirus software in the first quarter of 2012, putting the firm in second place worldwide behind Avast, and ahead of AVG Technologies and Microsoft.
In North America, where Symantec, Microsoft and AVG were the top three vendors, Avira had just 4.4% of the market.